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DETAILED ACTION 

This Office Action is in response to the Applicant's Remarks filed April 1 1 , 2007. 
Claims 1-22 are pending and herein considered. 



Response to Arguments 

Applicant's arguments with respect to claims 1-22 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 4 and 12 are rejected under 35 U.S.C. 112, second paragraph, as being 

indefinite for failing to particularly point out and distinctly claim the subject matter which 

applicant regards as the invention. It is unclear to the examiner how a message with 

no, or "zero length" may be sent and received. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 
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Claims 1-4, 7-12, and 15-22 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Gunter Ollmann's Custom HTML Authentication - Best Practices 
on Securing Custom HTML Authenitcation Procedures , hereinafter referred to as 
Ollmann. 

As per claim 1, Ollmann teaches a system for addressing denial of service 
attacks directed at a web resource, comprising a system for detecting improper 
requests; and a system for responding to improper requests that issues an HTTP "OK" 
response code when improper request is detected (page 5). 

As per claim 2, Ollmann teaches wherein the system for responding stops 
issuing HTTP "OK" response codes and issues no response after a predetermined 
number of improper requests are detected (page 4 line 6 "automatically lockout after a 
threshold has been reached (e.g. three authentication failures)"). 

As per claim 3, Ollmann teaches wherein a request is deemed improper if the 
request is received from an unexpected host (page 4 line 35 "it may be possible to 
dynamically block an offending IP address" and line 32 "the web-based application must 
be able to track and log connections relating to the source IP address of the web 
client"). 

As per claim 4, Ollmann teaches wherein a request is deemed improper if the 
request has a zero length (pages 4-5). 

As per claim 7, Ollmann teaches wherein the HTTP "OK" response code 
comprises an HTTP 204 "OK" message code (pages 4-5). 
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As per claim 8, Ollmann teaches wherein the system for responding to improper 
requests includes a response protocol that utilizes a standard error handling procedure 
for a first improper request from a requesting resource, issues an HTTP OK response 
code for N subsequent improper requests from the requesting resource, and then stops 
responding to the requesting resource altogether (page 4 line 6 "automatically lockout 
after a threshold has been reached (e.g. three authentication failures)"). 

As per claim 9, Ollmann teaches wherein the web resource comprises a server 
(pages 1-3). 

As per claim 10, Ollmann teaches a method for addressing denial of service 
attacks directed at a web resource (page 5), comprising: receiving messages at the web 
resource; analyzing each message and determining if the message is improper; storing 
the source address of a message if the message is improper (pages 1-5); responding to 
a first improper message from an identified source address with an HTTP error 
response; responding to a set of subsequent improper messages from the identified 
source address with HTTP "OK" response codes (page 5); and stopping responses to 
the identified source address for all received improper messages after the set of 
subsequent improper messages have been responded to (page 4 line 6 "automatically 
lockout after a threshold has been reached (e.g. three authentication failures)"). 

As per claim 11, Ollmann teaches wherein a message is deemed improper if the 
message is received from an unexpected host (page 4 line 35 "it may be possible to 
dynamically block an offending IP address" and line 32 "the web-based application must 
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be able to track and log connections relating to the source IP address of the web 
client"). 

As per claim 12, Ollmann teaches wherein a message is deemed improper if the 
message has a zero length (pages 4-5). 

As per claim 15, Ollmann teaches wherein the HTTP "OK" response code 
comprises an HTTP 204 "OK" message code (pages 4-5). 

As per claim 16, Ollmann teaches wherein the HTTP "OK" response comprises 
an HTTP 200 "OK" message code (pages 4-5). 

As per claim 17, Ollmann teaches a program product stored on a recordable 
medium for addressing denial of service attacks directed at a web resource, comprising 
means for receiving messages at the web resource; means for analyzing each message 
and determining if the message is improper; means for storing the source address of a 
message if the message is improper (page 4 line 32 "the web-based application must 
be able to track and log connections relating to the source IP address of the web client. 
The application should be able to identify authentication failures to multiple user 
accounts initiated by a single IP address"); means for responding to a first improper 
message from an identified source address with an HTTP error response; and means 
for responding to subsequent improper messages from the identified source address 
with HTTP "OK" response codes (page 4 line 6 "automatically lockout after a threshold 
has been reached (e.g. three authentication failures)"). 

As per claim 18, Ollmann teaches means for stopping responses to the identified 
source address after a predetermined number of subsequent improper messages have 
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been received (page 4 line 6 "automatically lockout after a threshold has been reached 
(e.g. three authentication failures)"). 

As per claim 19, Ollmann teaches wherein a message is deemed improper if the 
message is received from an unexpected host; if the message has a zero length; if the 
message is neither an expected HTTP "post" nor an expected HTTP "get" command; or 
if the message includes a HTTP "post" or "get" command with unknown arguments 
(page 4 line 35 "it may be possible to dynamically block an offending IP address" and 
line 32 "the web-based application must be able to track and log connections relating to 
the source IP address of the web client"). 

As per claim 20, Ollmann teaches wherein the HTTP "OK" response codes 
comprise HTTP 204 "OK" response codes (pages 4-5). 

As per claim 21, Ollmann teaches wherein messages that are deemed proper 
are passed to the web resource for further processing (pages 3-4). 

As per claim 22, Ollmann teaches wherein the web resource is a web server 
(pages 1-3). 

Claim Rejections • 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 5, 6, 13, and 14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gunter Ollmann's Custom HTML Authentication - Best Practices on 
Securing Custom HTML Authenitcation Procedures ("Ollmann") as applied to claims 1- 
4, 7-12, and 15-22 above, and further in view of The World Wide Web Seucirty FAQ 
Number 8 entitled "Securing against Denial of Service Attacks" ("W3C"). 

As per claim 5, Ollmann fails to teach wherein a request is deemed improper is 
an HTTP "post" or HTTP "get" command is expected and neither an HTTP "post" nor an 
HTTP "get" command is received. 

W3C teaches wherein a request is deemed improper if an HTTP "post" or HTTP 
"get" command is expected and neither an HTTP "post" nor an HTTP "get" command is 
received (page 10). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Ollmann's system the ability to deem a request 
improper when an HTTP post or get is expected and neither is received as described in 
W3C to provide for a more secure system protected against attacks such as trinoo, 
tfn2k and other attacks that are known to utilize alternate packets. 

As per claim 6, Ollmann fails to teach wherein a request is deemed improper if 
the request includes a HTTP "post" or "get" command with unknown arguments. 

W3C teaches wherein a request is deemed improper if the request includes a 
HTTP "post" or "get" command with unknown arguments (page 10). 
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It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Ollmann's system the ability to deem a request 
improper when an HTTP post or get is received with unknown arguments as described 
in W3C to provide for a more secure system protected against attacks such as trinoo, 
tfn2k and other attacks that are known to utilize packets with unknown arguments. 

As per claim 13, Ollmann fails to teach wherein a request is deemed improper is 
an HTTP "post" or HTTP "get" command is expected and neither an HTTP "post" nor an 
HTTP "get" command is received. 

W3C teaches wherein a request is deemed improper if an HTTP "post" or HTTP 
"get" command is expected and neither an HTTP "post" nor an HTTP "get" command is 
received (page 10). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Ollmann's system the ability to deem a request 
improper when an HTTP post or get is expected and neither is received as described in 
W3C to provide for a more secure system protected against attacks such as trinoo, 
tfn2k and other attacks that are known to utilize alternate packets. 

As per claim 14, Ollmann fails to teach wherein a request is deemed improper if 
the request includes a HTTP "post" or "get" command with unknown arguments. 

W3C teaches wherein a request is deemed improper if the request includes a 
HTTP "post" or "get" command with unknown arguments (page 10). 
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It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Ollmann's system the ability to deem a request 
improper when an HTTP post or get is received with unknown arguments as described 
in W3C to provide for a more secure system protected against attacks such as trinoo, 
tfn2k and other attacks that are known to utilize packets with unknown arguments. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 

272- 4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, calkS0O-7 86-91 99 (IN USA OR CANADA) or 571-272-1000. 
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